
Example 56 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPStorageProvider method searchForUserByUserAttributeStream.

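/**
 * Searches LDAP for users whose {@code attrName} attribute equals {@code attrValue} and
 * returns them as Keycloak users, importing any that are not yet present in local storage.
 *
 * <p>Only {@code attrValue} is escaped (via {@link EscapeStrategy#DEFAULT}) before it is
 * placed into the LDAP filter; {@code attrName} is inserted as-is. Callers must therefore
 * pass a trusted/validated attribute name, never raw user input.
 *
 * <p>For an LDAP entry whose mapped username already exists locally, the local user is only
 * proxied when its stored {@link LDAPConstants#LDAP_ID} equals the UUID of the LDAP entry,
 * mirroring the check done in {@link #getUserByEmail(RealmModel, String)}. A mismatch means
 * the local account belongs to a different LDAP entry (or to none), so it is reported as a
 * conflict instead of silently binding the local account to a foreign LDAP object.
 *
 * @param realm     realm the search is performed in
 * @param attrName  LDAP attribute name to match (not escaped, must be trusted)
 * @param attrValue attribute value to match (escaped before use in the filter)
 * @return stream of matching users (imported or proxied); the LDAP result is a fully
 *         materialized {@code List}, so the returned stream does not depend on the closed query
 * @throws ModelDuplicateException if a local user with the mapped username exists but is
 *         linked to a different LDAP entry (or carries no LDAP id at all)
 */
@Override
public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue) {
    try (LDAPQuery ldapQuery = LDAPUtils.createQueryForUserSearch(this, realm)) {
        LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
        Condition attrCondition = conditionsBuilder.equal(attrName, attrValue, EscapeStrategy.DEFAULT);
        ldapQuery.addWhereCondition(attrCondition);
        // getResultList() returns a List, i.e. the entries are materialized before the query is
        // closed; the lazy map() below only works on that list.
        List<LDAPObject> ldapObjects = ldapQuery.getResultList();
        return ldapObjects.stream().map(ldapUser -> {
            String ldapUsername = LDAPUtils.getUsername(ldapUser, this.ldapIdentityStore.getConfig());
            UserModel localUser = session.userLocalStorage().getUserByUsername(realm, ldapUsername);
            if (localUser == null) {
                return importUserFromLDAP(session, realm, ldapUser);
            }
            // Same guard as getUserByEmail: never hand a local account a foreign LDAP entry.
            LDAPUtils.checkUuid(ldapUser, ldapIdentityStore.getConfig());
            if (ldapUser.getUuid().equals(localUser.getFirstAttribute(LDAPConstants.LDAP_ID))) {
                return proxy(realm, localUser, ldapUser, false);
            }
            throw new ModelDuplicateException("User with username '" + ldapUsername + "' already exists in Keycloak. It conflicts with LDAP user with " + attrName + " '" + attrValue + "'");
        });
    }
}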

Example 57 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPStorageProvider method getUserByEmail.

/**
 * Looks up a user by e-mail address in LDAP and returns the corresponding Keycloak user.
 *
 * <p>If an LDAP entry is found and a local user with the same (mapped) username already
 * exists, that local user is reused only when its stored {@link LDAPConstants#LDAP_ID}
 * equals the LDAP entry's UUID; otherwise the two accounts are treated as a conflict.
 * The e-mail itself is not used for the local lookup, so a local user whose e-mail is
 * stale (e.g. e-mail mapper set to "Always Read Value From LDAP") still resolves via the
 * username.
 *
 * @param realm realm to search in
 * @param email e-mail address to look up in LDAP (any filter escaping is assumed to happen
 *              inside {@code queryByEmail}, which is not visible here — confirm)
 * @return the proxied existing user, a freshly imported user, or {@code null} when no LDAP
 *         entry matches
 * @throws ModelDuplicateException when a local user with the mapped username exists but is
 *         linked to a different LDAP entry (or has no LDAP id at all)
 */
@Override
public UserModel getUserByEmail(RealmModel realm, String email) {
    LDAPObject ldapEntry = queryByEmail(realm, email);
    if (ldapEntry == null) {
        return null;
    }
    String mappedUsername = LDAPUtils.getUsername(ldapEntry, ldapIdentityStore.getConfig());
    UserModel existing = session.userLocalStorage().getUserByUsername(realm, mappedUsername);
    if (existing == null) {
        // Nothing local yet: import it.
        return importUserFromLDAP(session, realm, ldapEntry);
    }
    LDAPUtils.checkUuid(ldapEntry, ldapIdentityStore.getConfig());
    String localLdapId = existing.getFirstAttribute(LDAPConstants.LDAP_ID);
    // A null localLdapId (local account never linked to LDAP) is also reported as a conflict.
    if (!ldapEntry.getUuid().equals(localLdapId)) {
        throw new ModelDuplicateException("User with username '" + mappedUsername + "' already exists in Keycloak. It conflicts with LDAP user with email '" + email + "'");
    }
    return proxy(realm, existing, ldapEntry, false);
}

Example 58 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPStorageProvider method loadAndValidateUser.

/**
 * Resolves the LDAP entry backing an already-linked local user.
 *
 * <p>Lookup order: the userManager's already-loaded ("managed") LDAP users first, then LDAP
 * by the UUID stored in the local {@link LDAPConstants#LDAP_ID} attribute. An entry returned
 * by LDAP is accepted only if its UUID equals the stored one; any mismatch is logged and the
 * user is treated as no longer present in LDAP.
 *
 * @param realm realm the user belongs to
 * @param local local (Keycloak-side) user that is linked to this provider
 * @return the matching LDAP entry, or {@code null} if it is missing or its UUID does not
 *         match the one stored on the local user
 */
protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local) {
    LDAPObject managed = userManager.getManagedLDAPUser(local.getId());
    if (managed != null) {
        return managed;
    }
    String storedLdapId = local.getFirstAttribute(LDAPConstants.LDAP_ID);
    // NOTE(review): storedLdapId may be null for a user that was never linked; what
    // loadLDAPUserByUuid does with null is not visible here — confirm it cannot match an entry.
    LDAPObject fromLdap = loadLDAPUserByUuid(realm, storedLdapId);
    if (fromLdap == null) {
        return null;
    }
    LDAPUtils.checkUuid(fromLdap, ldapIdentityStore.getConfig());
    if (!fromLdap.getUuid().equals(storedLdapId)) {
        logger.warnf("LDAP User invalid. ID doesn't match. ID from LDAP [%s], LDAP ID from local DB: [%s]", fromLdap.getUuid(), storedLdapId);
        return null;
    }
    return fromLdap;
}

Example 59 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPStorageProvider method findOrCreateAuthenticatedUser.

/**
 * Called after successful kerberos authentication.
 *
 * <p>Resolution rules for an existing local user with this {@code username}:
 * <ul>
 *   <li>not linked to this provider: refused ({@code null}) — a Kerberos login must never
 *       take over an unrelated local account of the same name;</li>
 *   <li>linked and still backed by a matching LDAP entry: proxied;</li>
 *   <li>linked but stale (LDAP entry gone or its UUID changed): the local user is evicted from
 *       the user cache and deleted, and the username is then resolved again through
 *       {@code getUserByUsername} (expected to re-import it from LDAP — not visible here).
 *       Any local-only state on the deleted account is discarded with it.</li>
 * </ul>
 *
 * @param realm realm
 * @param username username without realm prefix
 * @return found or newly created user, or {@code null} if the username belongs to an
 *         unlinked local account
 */
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) {
    UserModel existing = session.userLocalStorage().getUserByUsername(realm, username);
    if (existing != null) {
        logger.debugf("Kerberos authenticated user [%s] found in Keycloak storage", username);
        boolean linkedToThisProvider = model.getId().equals(existing.getFederationLink());
        if (!linkedToThisProvider) {
            logger.warnf("User with username [%s] already exists, but is not linked to provider [%s]", username, model.getName());
            return null;
        }
        LDAPObject backingEntry = loadAndValidateUser(realm, existing);
        if (backingEntry != null) {
            return proxy(realm, existing, backingEntry, false);
        }
        // Stale link: drop the local copy and fall through to re-creation.
        logger.warnf("User with username [%s] aready exists and is linked to provider [%s] but is not valid. Stale LDAP_ID on local user is: %s", username, model.getName(), existing.getFirstAttribute(LDAPConstants.LDAP_ID));
        logger.warn("Will re-create user");
        UserCache cache = session.userCache();
        if (cache != null) {
            cache.evict(realm, existing);
        }
        new UserManager(session).removeUser(realm, existing, session.userLocalStorage());
    }
    // Creating user to local storage
    logger.debugf("Kerberos authenticated user [%s] not in Keycloak storage. Creating him", username);
    return getUserByUsername(realm, username);
}

Example 60 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPStorageProvider method addUser.

/**
 * Creates a new user in LDAP (and, when import is enabled, in local storage) for a
 * registration that originated in Keycloak.
 *
 * <p>Returns {@code null} without touching LDAP when registration sync is disabled for this
 * provider. After the LDAP entry is created, its UUID and DN are recorded on the user as
 * {@link LDAPConstants#LDAP_ID} / {@link LDAPConstants#LDAP_ENTRY_DN}, and realm defaults
 * (default role, default groups, enabled default required actions) are applied through the
 * LDAP-backed proxy.
 *
 * @param realm    realm the user is created in
 * @param username username of the new user
 * @return LDAP-backed proxy of the new user, or {@code null} when registrations are not
 *         synchronized to LDAP
 */
@Override
public UserModel addUser(RealmModel realm, String username) {
    if (!synchronizeRegistrations()) {
        return null;
    }
    // Local representation: a persisted, federation-linked user when importing, otherwise an
    // in-memory adapter keyed by the provider-scoped storage id.
    UserModel local;
    if (model.isImportEnabled()) {
        local = session.userLocalStorage().addUser(realm, username);
        local.setFederationLink(model.getId());
    } else {
        String storageId = new StorageId(model.getId(), username).getId();
        local = new InMemoryUserAdapter(session, realm, storageId);
        local.setUsername(username);
    }
    LDAPObject created = LDAPUtils.addUserToLDAP(this, realm, local);
    LDAPUtils.checkUuid(created, ldapIdentityStore.getConfig());
    local.setSingleAttribute(LDAPConstants.LDAP_ID, created.getUuid());
    local.setSingleAttribute(LDAPConstants.LDAP_ENTRY_DN, created.getDn().toString());
    UserModel ldapBacked = proxy(realm, local, created, true);
    // Realm defaults are granted via the proxy, not the raw local user.
    ldapBacked.grantRole(realm.getDefaultRole());
    realm.getDefaultGroupsStream().forEach(ldapBacked::joinGroup);
    realm.getRequiredActionProvidersStream()
            .filter(RequiredActionProviderModel::isEnabled)
            .filter(RequiredActionProviderModel::isDefaultAction)
            .map(RequiredActionProviderModel::getAlias)
            .forEachOrdered(ldapBacked::addRequiredAction);
    return ldapBacked;
}
